Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/admin.js | 3 | ||||
-rw-r--r-- | server/middlewares/validators/videos.js | 30 |
2 files changed, 16 insertions, 17 deletions
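--- a/server/middlewares/admin.js
+++ b/server/middlewares/admin.js
@@ -1,6 +1,5 @@
 'use strict'
 
-const constants = require('../initializers/constants')
 const logger = require('../helpers/logger')
 
 const adminMiddleware = {
@@ -9,7 +8,7 @@ const adminMiddleware = {
 
 function ensureIsAdmin (req, res, next) {
 const user = res.locals.oauth.token.user
-if (user.role !== constants.USER_ROLES.ADMIN) {
+if (user.isAdmin() === false) {
 logger.info('A non admin user is trying to access to an admin content.')
 return res.sendStatus(403)
 }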
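Review bot: The new guard `if (user.isAdmin() === false) {` in ensureIsAdmin fails open, because any return value other than the literal `false` (for example `undefined` or `null`) skips the 403 and the request continues as if the user were an admin. isAdmin() is defined outside this diff, so it cannot be confirmed here that it always returns a strict boolean; a deny-by-default form such as `if (user.isAdmin() !== true) {` stays safe either way. The same `=== false` comparison appears in the unchanged context of checkUserCanDeleteVideo in server/middlewares/validators/videos.js and deserves the same look. The denial log line carries no user identifier or request path (for instance `req.originalUrl`), which limits its value for detecting repeated probing of admin routes. The body of ensureIsAdmin continues past the end of the hunk.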
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index 86a7e39ae..f18ca1597 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js | |||
@@ -137,6 +137,18 @@ function videoRate (req, res, next) { | |||
137 | }) | 137 | }) |
138 | } | 138 | } |
139 | 139 | ||
140 | function videosBlacklist (req, res, next) { | ||
141 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
142 | |||
143 | logger.debug('Checking videosBlacklist parameters', { parameters: req.params }) | ||
144 | |||
145 | checkErrors(req, res, function () { | ||
146 | checkVideoExists(req.params.id, res, function () { | ||
147 | checkVideoIsBlacklistable(req, res, next) | ||
148 | }) | ||
149 | }) | ||
150 | } | ||
151 | |||
140 | // --------------------------------------------------------------------------- | 152 | // --------------------------------------------------------------------------- |
141 | 153 | ||
142 | module.exports = validatorsVideos | 154 | module.exports = validatorsVideos |
@@ -166,8 +178,8 @@ function checkUserCanDeleteVideo (userId, res, callback) { | |||
166 | } | 178 | } |
167 | 179 | ||
168 | // Check if the user can delete the video | 180 | // Check if the user can delete the video |
169 | // The user can delete it if s/he an admin | 181 | // The user can delete it if s/he is an admin |
170 | // Or if s/he is the video's author | 182 | // Or if s/he is the video's author |
171 | if (user.isAdmin() === false) { | 183 | if (user.isAdmin() === false) { |
172 | if (res.locals.video.isOwned() === false) { | 184 | if (res.locals.video.isOwned() === false) { |
173 | return res.status(403).send('Cannot remove video of another pod') | 185 | return res.status(403).send('Cannot remove video of another pod') |
@@ -185,20 +197,8 @@ function checkUserCanDeleteVideo (userId, res, callback) { | |||
185 | 197 | ||
186 | function checkVideoIsBlacklistable (req, res, callback) { | 198 | function checkVideoIsBlacklistable (req, res, callback) { |
187 | if (res.locals.video.isOwned() === true) { | 199 | if (res.locals.video.isOwned() === true) { |
188 | return res.status(403).send('Cannot blacklist a local video') | 200 | return res.status(403).send('Cannot blacklist a local video') |
189 | } | 201 | } |
190 | 202 | ||
191 | callback() | 203 | callback() |
192 | } | 204 | } |
193 | |||
194 | function videosBlacklist (req, res, next) { | ||
195 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
196 | |||
197 | logger.debug('Checking videosBlacklist parameters', { parameters: req.params }) | ||
198 | |||
199 | checkErrors(req, res, function () { | ||
200 | checkVideoExists(req.params.id, res, function() { | ||
201 | checkVideoIsBlacklistable(req, res, next) | ||
202 | }) | ||
203 | }) | ||
204 | } | ||